Security fix for flash-based cloud in Freetag plugin
Wednesday, September 14. 2011
Security fix for flash-based cloud ... Posted by Garvin Hicking in Plugins, Security at 09:17
Comments (3)
Trackbacks (0)
Security fix for flash-based cloud ... Posted by Garvin Hicking in Plugins, Security at 09:17
Comments (3)
Trackbacks (0)
MustLive discovered a HTML-injection vulnerability in the tagcloud.swf Flashfile that the Freetag-Plugin bundles and makes optionally available.
The issue is fixed in version 1.23 of the flashfile, which has now been committed to the Serendipity plugin (in version 3.30).
Since the swf-File is always bundled with the update, it is recommended to update to the latest version of the plugin for all users, or to delete that specific .swf file.
Thanks to MustLive for sharing the information with us.
MustLive discovered a HTML-injection vulnerability in the tagcloud.swf Flashfile that the Freetag-Plugin bundles and makes optionally available. The issue is fixed in version 1.23 of the flashfile, which has now been committed to the Serendipity plugin (in version 3.30). Since the swf-File is always bundled with the update, it is recommended to update to the latest version of the plugin for all users, or to delete that specific .swf file. Thanks to MustLive for sharing the information with us.